Prof. Jorge Cuellar

Title: Securing the future IoT Applications



Biography

Dr. Jorge Cuellar is a principal research scientist at Siemens AG. He was awarded the DI-ST Award for the best technical achievement for his work on modelling of operating systems and transaction managers. He has worked on several topics, including performance analysis, learning algorithms, handwriting recognition, formal verification of distributed system design, and security, and he has co-authored 50 publications. He has done technical standardization work on privacy and security protocols at the IETF, 3GPP, and the Open Mobile Alliance. He has worked in several EU-funded research projects, mostly on security topics. He regularly serves on program committees for international conferences and has held many short-term visiting teaching positions at different universities around the world.

Abstract

In the near future, computing devices -- belonging to different owners with competing expectations and diverse security goals -- will be embedded into all sorts of commonplace objects, including smart surfaces or devices in buildings and at home, wearables, city and transportation infrastructure, etc. The IoT promise is that those "things" will talk to each other and will create self-configuring systems. There is a need to negotiate compromises ("contracts") that manage their interactions and make their security policies and functionality goals interoperable.

We require a formal language for specifying the possible interactions and contracts and for enforcing the agreements reached. We propose to use Petri nets, smart contracts and a public ledger (like a blockchain or a Merkle tree). The system resembles in some aspects Bitcoin, Ethereum or other cryptocurrencies, but instead of coins, the tokens represent mostly permissions ("authorization tokens") or information. To allow verification, we avoid Turing-complete contracts and instead construct smart contracts using Petri nets based on building blocks with cryptographic functionality (secure or fair interactions) or guarded commands.

In this short course we will review how to construct and use authorization tokens for IoT, how to create workflows as Petri nets, how to define and implement basic cryptographic building blocks, how to use them to create more complex smart contracts, and how to use a public ledger for common information and for resolving disputes.
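
To illustrate why a Petri-net contract with guarded commands is verifiable, the following added example (not taken from the course material) models a door-lock contract whose tokens are permissions and checks two invariants by enumerating every reachable marking. The place names, the budget of two authorization tokens, and the "lockdown after revocation" policy are assumptions made for the example.

```python
from collections import deque

PLACES = ("owner_budget", "guest_token", "revoked", "ledger", "door_locked", "door_open")
INITIAL = {"owner_budget": 2, "guest_token": 0, "revoked": 0,
           "ledger": 0, "door_locked": 1, "door_open": 0}  # constructed sample marking

# Each transition: (tokens consumed, tokens produced, guard over the marking).
CONTRACT = {
    "issue":  ({"owner_budget": 1}, {"guest_token": 1}, lambda m: True),
    "revoke": ({"guest_token": 1}, {"revoked": 1}, lambda m: m["door_open"] == 0),
    "unlock": ({"guest_token": 1, "door_locked": 1},
               {"door_open": 1, "ledger": 1}, lambda m: m["revoked"] == 0),
    "relock": ({"door_open": 1}, {"door_locked": 1}, lambda m: True),
}

def fire(marking, consume, produce, guard):
    """Return the successor marking, or None if the transition is not enabled."""
    if any(marking[p] < n for p, n in consume.items()) or not guard(marking):
        return None
    return {p: marking[p] - consume.get(p, 0) + produce.get(p, 0) for p in marking}

def reachable(net, initial, bound=16):
    """Breadth-first enumeration of every marking the net can reach."""
    start = tuple(initial[p] for p in PLACES)
    seen, queue = {start}, deque([start])
    while queue:
        marking = dict(zip(PLACES, queue.popleft()))
        for consume, produce, guard in net.values():
            nxt = fire(marking, consume, produce, guard)
            key = tuple(nxt[p] for p in PLACES) if nxt is not None else None
            if key is None or key in seen:
                continue
            if max(key) > bound:  # enumeration only terminates for bounded nets
                raise ValueError("place exceeds bound; net may be unbounded")
            seen.add(key)
            queue.append(key)
    return [dict(zip(PLACES, k)) for k in seen]

def violations(net, initial, invariant):
    """Markings that break the invariant; an empty list means it holds everywhere."""
    return [m for m in reachable(net, initial) if not invariant(m)]

def conserved(m):  # no permission is minted or spent twice
    return m["owner_budget"] + m["guest_token"] + m["revoked"] + m["ledger"] == 2

def lockdown(m):  # the door is never open once a permission has been revoked
    return m["door_open"] == 0 or m["revoked"] == 0
```

Because the net is bounded, the search visits a finite set of markings, so an empty result from `violations` is a proof over the whole state space rather than a test of sampled runs.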